r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 408d1564e8f59e6626e41be4106ce2e6
4149a1f17e8f7c446e7aa4963f3a49b6a00b6164
46e2e79c7977854058dec9cde88f963dd498dd235c3bb15b39a9e5ce1027d7fe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E2E79C7977854058DEC9CDE88F963DD498DD235C3BB15B39A9E5CE1027D7FE"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10784
Expires: Thu, 09 Feb 2023 13:56:10 GMT
Date: Thu, 09 Feb 2023 10:56:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12649
Expires: Thu, 09 Feb 2023 14:27:15 GMT
Date: Thu, 09 Feb 2023 10:56:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5713
Expires: Thu, 09 Feb 2023 12:31:39 GMT
Date: Thu, 09 Feb 2023 10:56:26 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 10:34:15 GMT
content-type: application/json
age: 1331
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: S6P6IRMwFACgm6r2TVgqEK6BiUcDrmT+fKgrTmhYGT/o1iQtFuRNcR4hoqhJ+T7lm0GCNVc9bfY=
x-amz-request-id: CGD0J38DM8PZ5J5W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 10:46:22 GMT
age: 604
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 10:56:26 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
218.150.240.155/
218.150.240.155 200 OK 461 B IP 218.150.240.155:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash a92780e7f8998e405118e3cf5b314aff
00ad096465ab9a1874d8357c24008ba06c820136
097f8f5b41734250885e667013535056a56b8a8dfc82e9a036b4c899eef412a9
Analyzer  Verdict   Alert
fortinet  Malware
quad9     Sinkholed
GET / HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Etag: 1525843494
Access-Control-Allow-Origin: *
Content-Length: 461
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 10:14:53 GMT
age: 2493
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5612
Expires: Thu, 09 Feb 2023 12:29:58 GMT
Date: Thu, 09 Feb 2023 10:56:26 GMT
Connection: keep-alive
push.services.mozilla.com/
34.213.106.99 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.106.99:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: I+wgFGKmwHjlC9JRsCQqhg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: w9KdmbJIh/+cbwjJ6UqQ/9DtXdQ=
218.150.240.155/index.html?_1675940245300
218.150.240.155 200 OK 11 kB URL HTTP/1.1 218.150.240.155/index.html?_1675940245300
IP 218.150.240.155:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 26d6415a95ed31f8cbdf365b89286e5a
3483900baa711a4a7736a3ce8a6ee03de6be172b
fd9e4fb2ed5e737cfab0b77e16e8e130aa10a1f920563df9474e6eee99ac61cf
Analyzer  Verdict    Alert
quad9     Sinkholed
GET /index.html?_1675940245300 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Etag: 1503994930
Access-Control-Allow-Origin: *
Content-Length: 10800
Connection: keep-alive
218.150.240.155/js/LAB.min.js
218.150.240.155 200 OK 5.5 kB URL HTTP/1.1 218.150.240.155/js/LAB.min.js
IP 218.150.240.155:0
File type ASCII text, with very long lines (5389)
Hash e842152f94c9b774040a36d6912188d9
82bac8881a591d959d78c37edc73bffd3cd9ae74
bf1fce150ff945b16370d23bed230287f97d36a1b0a13f62abeb89c2ca3f61e7
Analyzer  Verdict   Alert
fortinet  Malware
quad9     Sinkholed
GET /js/LAB.min.js HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1460087420
Access-Control-Allow-Origin: *
Content-Length: 5490
Connection: keep-alive
218.150.240.155/css/main.css
218.150.240.155 200 OK 6.5 kB URL HTTP/1.1 218.150.240.155/css/main.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 2dc91b4267bd3525cbe3ed34d637082d
313f8b47d28ab2a996215ac32c5301cb81f346ce
abca4e53be3a2a6d42c9ddfdb1542056671f7fe79d501aab20e9070261f647e0
Analyzer  Verdict    Alert
quad9     Sinkholed
GET /css/main.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1495790868
Access-Control-Allow-Origin: *
Content-Length: 6515
Connection: keep-alive
218.150.240.155/css/RSUI.css
218.150.240.155 200 OK 1.9 kB URL HTTP/1.1 218.150.240.155/css/RSUI.css
IP 218.150.240.155:0
File type ASCII text, with CRLF line terminators
Hash acd558fc6ff464e9f4ff13de44046566
d6c5f46863fe96c92ee524ae1e2f76a4f8f23811
b902499db582243a23c4467ed5546331f4437deab3007deec7fa267a4dbec044
Analyzer  Verdict    Alert
quad9     Sinkholed
GET /css/RSUI.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1479260990
Access-Control-Allow-Origin: *
Content-Length: 1929
Connection: keep-alive
218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
218.150.240.155 200 OK 278 B URL HTTP/1.1 218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 8d2799f78a6b6ce3db8217cc45b7a60c
34c439a1627a4a33d5327f879267fcd34f7bd688
f54b597dbc63181d070b07365ec4bd83b99ae7361b1247e918888948c95a5190
Analyzer  Verdict    Alert
quad9     Sinkholed
GET /ligerUI/skins/Aqua/css/ligerui-all.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1465278816
Access-Control-Allow-Origin: *
Content-Length: 278
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13054
Expires: Thu, 09 Feb 2023 14:34:02 GMT
Date: Thu, 09 Feb 2023 10:56:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffa089b5-b6af-40bb-98d7-cfce928d0761.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffa089b5-b6af-40bb-98d7-cfce928d0761.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 0e9c6d739031209088f6dbbf08f19e59
649a29bfcc9fa92c656231bad3ce41e88c4037a6
520f00562077664a006b427c200a9f3c42dbeba3fed67bdc61537e71adcf6fc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffa089b5-b6af-40bb-98d7-cfce928d0761.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9872
x-amzn-requestid: 62e9b3ff-7a27-4d74-90b0-ef7aeabaad39
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f53QlGE4oAMF53A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e09f36-79e1ef9f3c167abb05cfefd4;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 06:33:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: i887GcI8RbG4H_MBORz2PmKh4q33pZ2jLz1f4MZNbolHX4b9O_f-aw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 23:57:48 GMT
age: 39520
etag: "649a29bfcc9fa92c656231bad3ce41e88c4037a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y-1zzLzVegi0T-SAyTpUuFD6iVVYbuL5u71dc74BY2l7PrxVu-am5w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
age: 48111
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 12:41:28 GMT
age: 80100
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash ce710ab5746832fe637fada3e6d63abf
d545c85d4a8cf92dc8b88db0a056623d1ef7a943
40bae4a2fb9dd60e9339d15ad0838f3ca83b5b6275c35cd22878b6783fcd6247
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: 7e2b1875-ecf9-4ee9-8d5a-a911fdd28d16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AColKGwOIAMFyqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e42153-097b982244d3ad7b6f49a392;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 22:25:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Uvdg9MhYDsR9aC-s_chZDKp7_5RzhQfTwXZ0epZVW7TUVdrdADUEfQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 03:49:25 GMT
age: 25623
etag: "d545c85d4a8cf92dc8b88db0a056623d1ef7a943"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ead57d-06ef-4e5b-9d45-4c0ed94ff0f7.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ead57d-06ef-4e5b-9d45-4c0ed94ff0f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash fa8bb3f20238f62a7a6ebb5d0985192a
f6b3839bfb0cf51d63e9eff2de402495906cd19b
db5ad61fdd000a13b6c8952d1614a6ab18e5f7104270d6471df96f773dacf4e4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ead57d-06ef-4e5b-9d45-4c0ed94ff0f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 92d41e06-632b-43f9-828e-268bc024875c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACiGuESYIAMFc_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e416f7-599e0f7d327a69921d447f7e;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:41:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ouX4yFdSvKvEUowCAqs8iTO2SOZuEFa2dGuMDeb_pygK0DbvS8XlHg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:10:46 GMT
age: 45942
etag: "f6b3839bfb0cf51d63e9eff2de402495906cd19b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnbG_CYddidhGlygFinwMyN81eHxP_vRzxsm7QBIAJzFqwaKTt-POQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:44 GMT
age: 48104
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
218.150.240.155/ligerUI/skins/Aqua/css/ligerui-dialog.css
218.150.240.155 200 OK 14 kB URL HTTP/1.1 218.150.240.155/ligerUI/skins/Aqua/css/ligerui-dialog.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (305), with CRLF line terminators
Hash MD5 1f99e3347cf783c8f4de6d5c69c7720e
SHA1 59605c2cb5db7ae737725ab80df257824416af17
SHA256 420e6e20e271d4b0a16dcb48e9f4dee97d824f3f4a26e8f23c4bc991074f23a7
Analyzer Verdict Alert quad9 Sinkholed
GET /ligerUI/skins/Aqua/css/ligerui-dialog.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1493863648
Access-Control-Allow-Origin: *
Content-Length: 14373
Connection: keep-alive
218.150.240.155/ligerUI/skins/Aqua/css/ligerui-layout.css
218.150.240.155 200 OK 7.6 kB URL HTTP/1.1 218.150.240.155/ligerUI/skins/Aqua/css/ligerui-layout.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 92cad57b46713293ced75ee551d1a9d0
SHA1 d18d7639883e4bbace6631cb3e0c30c2ec90350d
SHA256 384d092cd74c1281b253f9616ba1d033f3ed56668a8d0c4f2d0851c0af40b28f
Analyzer Verdict Alert quad9 Sinkholed
GET /ligerUI/skins/Aqua/css/ligerui-layout.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1470905159
Access-Control-Allow-Origin: *
Content-Length: 7632
Connection: keep-alive
218.150.240.155/ligerUI/skins/Aqua/css/ligerui-menu.css
218.150.240.155 200 OK 2.0 kB URL HTTP/1.1 218.150.240.155/ligerUI/skins/Aqua/css/ligerui-menu.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 4b3800820d6aef7851bd3bd8e675ffc2
SHA1 9ecdd4344c8221216b36e6b305977670c5302d7b
SHA256 813777e6a74a386a8bf4b67ee7dae46e5144be07d17d84f8b3c6fbacf99872ac
Analyzer Verdict Alert quad9 Sinkholed
GET /ligerUI/skins/Aqua/css/ligerui-menu.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1470987384
Access-Control-Allow-Origin: *
Content-Length: 2015
Connection: keep-alive
218.150.240.155/ligerUI/skins/Aqua/css/ligerui-common.css
218.150.240.155 200 OK 6.8 kB URL HTTP/1.1 218.150.240.155/ligerUI/skins/Aqua/css/ligerui-common.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (581), with CRLF line terminators
Hash MD5 c2f05706c81d4712cbaece0f3e680f92
SHA1 8126cdfbd2eef2450ac31574d593cdfdd0b0370e
SHA256 3e505ad314021e63e14f61000510cf250f0cd84f8423123bd43bc64c07e85c5b
Analyzer Verdict Alert quad9 Sinkholed
GET /ligerUI/skins/Aqua/css/ligerui-common.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1476321268
Access-Control-Allow-Origin: *
Content-Length: 6806
Connection: keep-alive
218.150.240.155/ligerUI/skins/Aqua/css/ligerui-tab.css
218.150.240.155 200 OK 6.2 kB URL HTTP/1.1 218.150.240.155/ligerUI/skins/Aqua/css/ligerui-tab.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 0bcb972d3599392d43d3c1ed65645465
SHA1 9a526455f1952b0546be3d484194ea48f3873eb9
SHA256 cdefe689cb9d036f86f3470cfc250c5923f1dfd07cb25032427026031e805136
Analyzer Verdict Alert quad9 Sinkholed
GET /ligerUI/skins/Aqua/css/ligerui-tab.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1470987384
Access-Control-Allow-Origin: *
Content-Length: 6197
Connection: keep-alive
218.150.240.155/ligerUI/skins/Aqua/css/ligerui-form.css
218.150.240.155 200 OK 19 kB URL HTTP/1.1 218.150.240.155/ligerUI/skins/Aqua/css/ligerui-form.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (512), with CRLF line terminators
Hash MD5 d0cf0faa08dea4e05486897890c68956
SHA1 8dba9d15cbd2cf21db3fb518190b73cf6ef62ef4
SHA256 cd75e612c778888531ea6a3b5fa35ee738cf221d85992f6de2467f367695a231
Analyzer Verdict Alert quad9 Sinkholed
GET /ligerUI/skins/Aqua/css/ligerui-form.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1470987384
Access-Control-Allow-Origin: *
Content-Length: 19338
Connection: keep-alive
218.150.240.155/ligerUI/skins/Aqua/css/ligerui-grid.css
218.150.240.155 200 OK 16 kB URL HTTP/1.1 218.150.240.155/ligerUI/skins/Aqua/css/ligerui-grid.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 2fc94e92acb9c378bcabaed91f813978
SHA1 3a959862f7435b6d1b32ad3e5858717ba4e3b814
SHA256 2b12768fd498b055904c021312839cc23a6919863101722168f867ece25c8f06
Analyzer Verdict Alert quad9 Sinkholed
GET /ligerUI/skins/Aqua/css/ligerui-grid.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1476321268
Access-Control-Allow-Origin: *
Content-Length: 15484
Connection: keep-alive
218.150.240.155/ligerUI/skins/Aqua/css/ligerui-tree.css
218.150.240.155 200 OK 3.0 kB URL HTTP/1.1 218.150.240.155/ligerUI/skins/Aqua/css/ligerui-tree.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 d5233c0719a0623a11fb57adc401bfc8
SHA1 a8a3a0d3ae7b8e22a6b85e0813784d2ef9865a70
SHA256 d9e96b1eb0847cc615fe4118be6dd96b9761b5102676ccc2f00a231d4162d02f
Analyzer Verdict Alert quad9 Sinkholed
GET /ligerUI/skins/Aqua/css/ligerui-tree.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/ligerUI/skins/Aqua/css/ligerui-all.css
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1470987384
Access-Control-Allow-Origin: *
Content-Length: 3021
Connection: keep-alive
218.150.240.155/favicon.ico
218.150.240.155 404 Not Found 0 B URL HTTP/1.1 218.150.240.155/favicon.ico
IP 218.150.240.155:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (zero-byte body: the three digests are those of empty input, so they identify nothing)
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 404 Not Found
Content-Type: image/vnd.microsoft.icon
Access-Control-Allow-Origin: *
Content-Length: 0
Connection: keep-alive
218.150.240.155/js/pluginVersion.js?version=1675940247683
218.150.240.155 200 OK 115 B URL HTTP/1.1 218.150.240.155/js/pluginVersion.js?version=1675940247683
IP 218.150.240.155:0
File type ASCII text, with CRLF line terminators
Hash MD5 8133a8d7adcc27c3b0b7e03bc549794e
SHA1 f72f6fec88d7b78b44166c9b3ac88fc3eb87a983
SHA256 15248789f6ffa4838abc5126600a327dab6e021ed01915772feea0131b57fc9e
Analyzer Verdict Alert quad9 Sinkholed
GET /js/pluginVersion.js?version=1675940247683 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1525843502
Access-Control-Allow-Origin: *
Content-Length: 115
Connection: keep-alive
218.150.240.155/js/json.js?version=1.0.1.17
218.150.240.155 200 OK 5.0 kB URL HTTP/1.1 218.150.240.155/js/json.js?version=1.0.1.17
IP 218.150.240.155:0
Hash MD5 34f7231a0a213167e801318716261d1e
SHA1 f9383563b79b1df26542b6ede395bb8d1213f904
SHA256 5b7242ed8e6fe3e6afec7c014b7c66fc1bd68a7b2e0d2706ffaab7876ab8f94a
Analyzer Verdict Alert quad9 Sinkholed
GET /js/json.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1460087419
Access-Control-Allow-Origin: *
Content-Length: 4955
Connection: keep-alive
218.150.240.155/js/jquery-1.11.1.min.js
218.150.240.155 200 OK 96 kB URL HTTP/1.1 218.150.240.155/js/jquery-1.11.1.min.js
IP 218.150.240.155:0
File type ASCII text, with very long lines (32086)
Hash MD5 8101d596b2b8fa35fe3a634ea342d7c3
SHA1 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
SHA256 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/jquery-1.11.1.min.js HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1460087420
Access-Control-Allow-Origin: *
Content-Length: 95786
Connection: keep-alive
218.150.240.155/js/jcookie.js?version=1.0.1.17
218.150.240.155 200 OK 1.8 kB URL HTTP/1.1 218.150.240.155/js/jcookie.js?version=1.0.1.17
IP 218.150.240.155:0
File type ASCII text, with CRLF line terminators
Hash MD5 5ce74bbdfb5c027a12b22783cbc34824
SHA1 66c014ee9b0c9d8dbac4c261e6ac28a5262e7a25
SHA256 20e17c0c5216d9fcd9bc639e7f11a96a2743ccfebd6ca0a490f6428aba025019
Analyzer Verdict Alert quad9 Sinkholed
GET /js/jcookie.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1467766103
Access-Control-Allow-Origin: *
Content-Length: 1753
Connection: keep-alive
218.150.240.155/js/RSUI.js?version=1.0.1.17
218.150.240.155 200 OK 14 kB URL HTTP/1.1 218.150.240.155/js/RSUI.js?version=1.0.1.17
IP 218.150.240.155:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 6db0cf8c8657daf9cf89d3923a4f7f2d
SHA1 76e9f2ac21fb749f7555c5035e38fefc646eb218
SHA256 a77c9f3937ed50541f2f5e8e2cd62293f6423bf33e5e91f225518b992c802cba
Analyzer Verdict Alert quad9 Sinkholed
GET /js/RSUI.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1484711314
Access-Control-Allow-Origin: *
Content-Length: 14240
Connection: keep-alive
218.150.240.155/js/CProgress.js?version=1.0.1.17
218.150.240.155 200 OK 2.4 kB URL HTTP/1.1 218.150.240.155/js/CProgress.js?version=1.0.1.17
IP 218.150.240.155:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 bc9e0142e6cb186e59bf3fdf275d1aff
SHA1 237347d2b2a22767dcf513ead052af80c569afa6
SHA256 208246414a3fc2e2a52885ea002913749ba455038ee019be51f83865045a78da
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/CProgress.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1460087418
Access-Control-Allow-Origin: *
Content-Length: 2400
Connection: keep-alive
218.150.240.155/js/function.js?version=1.0.1.17
218.150.240.155 200 OK 8.0 kB URL HTTP/1.1 218.150.240.155/js/function.js?version=1.0.1.17
IP 218.150.240.155:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 bc2faa43c45a7622a36084260156fa45
SHA1 f200ace1c239390dae39a4449d807a83fd0f6961
SHA256 37691844e7e8ab530111dc9afdd05fe58cf36980344577cde1033260e0052c0f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/function.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1484733538
Access-Control-Allow-Origin: *
Content-Length: 8025
Connection: keep-alive
218.150.240.155/js/class.js?version=1.0.1.17
218.150.240.155 200 OK 37 kB URL HTTP/1.1 218.150.240.155/js/class.js?version=1.0.1.17
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 19839ad607db76cfdb3319740a36e37c
SHA1 83921e73b6422d436cecf15d5c5a36b0493c2e7f
SHA256 d88ae70c1c2c3b725d346ddb5c2432386953bc735ab853f1b55432e2e5618803
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/class.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1520222182
Access-Control-Allow-Origin: *
Content-Length: 36597
Connection: keep-alive
218.150.240.155/js/common.js?version=1.0.1.17
218.150.240.155 200 OK 38 kB URL HTTP/1.1 218.150.240.155/js/common.js?version=1.0.1.17
IP 218.150.240.155:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 27e3e95afd21712f1dbd164388c5bdb1
SHA1 74870922f39b01e9f67fb7b7737b3b2bb7842775
SHA256 bcc58b73f695b0bbd0220207bb41533d711bd39e40752f451ffa26030ec2afc3
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/common.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1497949860
Access-Control-Allow-Origin: *
Content-Length: 38471
Connection: keep-alive
218.150.240.155/js/divBox.js?version=1.0.1.17
218.150.240.155 200 OK 10 kB URL HTTP/1.1 218.150.240.155/js/divBox.js?version=1.0.1.17
IP 218.150.240.155:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 fde6316f7b46bcbb2a6e8e13e7fb2943
SHA1 5bbc43bfc3d541e80a3054ba00ca9301a41ea523
SHA256 64c9d2bdeb4c0b6c2412f15748714fd0a6072232ddbe0b1c3479429c5521fd33
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/divBox.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1525685922
Access-Control-Allow-Origin: *
Content-Length: 9970
Connection: keep-alive
218.150.240.155/js/jquery.qrcode.min.js?version=1.0.1.17
218.150.240.155 200 OK 14 kB URL HTTP/1.1 218.150.240.155/js/jquery.qrcode.min.js?version=1.0.1.17
IP 218.150.240.155:0
File type ASCII text, with very long lines (544)
Hash MD5 05f0b1d7d4b9b0b4975870606d650e3c
SHA1 f424bd339870510d1160d1c5da5d698aedbb452e
SHA256 f4ccf02b69092819ac24575c717a080c3b6c6d6161f1b8d82bf0bb523075032d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/jquery.qrcode.min.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1460087420
Access-Control-Allow-Origin: *
Content-Length: 13995
Connection: keep-alive
218.150.240.155/js/language.js?version=1.0.1.17
218.150.240.155 200 OK 143 kB URL HTTP/1.1 218.150.240.155/js/language.js?version=1.0.1.17
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size 143 kB (143180 bytes)
Hash MD5 90d888ec79807eb86c7daf0b70ed9406
SHA1 d45456209b4ecbea2af1c06480ef1fc9c49dfef3
SHA256 84135d336ac8ad5f1a3e624b51b7dbc93b428257d36b040834cf77e9b20ef227
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/language.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1525771156
Access-Control-Allow-Origin: *
Content-Length: 143180
Connection: keep-alive
218.150.240.155/js/jquery.base64.js?version=1.0.1.17
218.150.240.155 200 OK 4.5 kB URL HTTP/1.1 218.150.240.155/js/jquery.base64.js?version=1.0.1.17
IP 218.150.240.155:0
File type Algol 68 source text; Pascal source, ASCII text (libmagic guess for a .js body that the server serves as application/x-javascript)
Hash MD5 20b1c2c863902e5bda8bab936f3acaf9
SHA1 1ae88b012c9af18c8b03222810f80d9b324102c2
SHA256 d38111b8e9d0a7e37b99e00917719eeea05c49c2c0e4da7861ab337e92b61d9b
Analyzer Verdict Alert quad9 Sinkholed
GET /js/jquery.base64.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1361287218
Access-Control-Allow-Origin: *
Content-Length: 4498
Connection: keep-alive
218.150.240.155/js/plugin.js?version=1.0.1.17
218.150.240.155 200 OK 42 kB URL HTTP/1.1 218.150.240.155/js/plugin.js?version=1.0.1.17
IP 218.150.240.155:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 39ccad1439975b39e538fe9763da99c8
SHA1 efa65e6685aa73af6ea5321beda332a3615dbf40
SHA256 1c8ecdd5e17f9164501423f8bc70b60304915617a2949f72cbe457fddad9696c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/plugin.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1520222218
Access-Control-Allow-Origin: *
Content-Length: 42204
Connection: keep-alive
218.150.240.155/ligerUI/js/ligerui.min.js?version=1.0.1.17
218.150.240.155 200 OK 136 kB URL HTTP/1.1 218.150.240.155/ligerUI/js/ligerui.min.js?version=1.0.1.17
IP 218.150.240.155:0
File type ISO-8859 text, with very long lines (4671), with CRLF line terminators
Size 136 kB (135881 bytes)
Hash MD5 6ff162554a4af4bdfc987ef94e118c5d
SHA1 3e42873f2466a3359f1daf3adbcb50b2a84bf527
SHA256 8e10fc96a223aed4ba0e6e51c50bb8a780208423f2fd7a2a3754662e0afeeb1d
Analyzer Verdict Alert quad9 Sinkholed
GET /ligerUI/js/ligerui.min.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1467614479
Access-Control-Allow-Origin: *
Content-Length: 135881
Connection: keep-alive
218.150.240.155/js/main.js?version=1.0.1.17
218.150.240.155 200 OK 98 kB URL HTTP/1.1 218.150.240.155/js/main.js?version=1.0.1.17
IP 218.150.240.155:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (498), with CRLF line terminators
Hash MD5 e9cdee88a7f4cd3146b0e59bc8dccf94
SHA1 d2bba936dd4454a7fcced7cb55eae835e9d88d76
SHA256 57c216c24507d96385fdf3aab14579022115c6e60f118287ff9da32b882822e0
Analyzer Verdict Alert quad9 Sinkholed
GET /js/main.js?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1524807092
Access-Control-Allow-Origin: *
Content-Length: 97597
Connection: keep-alive
218.150.240.155/html/webplugins.html?version=1.0.1.17
218.150.240.155 200 OK 615 B URL HTTP/1.1 218.150.240.155/html/webplugins.html?version=1.0.1.17
IP 218.150.240.155:0
File type ASCII text, with CRLF line terminators
Hash MD5 b65347996a1cf884160560d97f156e77
SHA1 5d6a6546760962562c8e781fa15f2ef3ba75fac1
SHA256 919bf6db949372d06be39882bf2036613a1993998bca596c9a85953d4f594f34
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /html/webplugins.html?version=1.0.1.17 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: text/html
Etag: 1460087415
Access-Control-Allow-Origin: *
Content-Length: 615
Connection: keep-alive
218.150.240.155/js/webplugins.js?version=1.0.1.17&_=1675940249427
218.150.240.155 200 OK 943 B URL HTTP/1.1 218.150.240.155/js/webplugins.js?version=1.0.1.17&_=1675940249427
IP 218.150.240.155:0
File type ASCII text, with CRLF line terminators
Hash MD5 9676b07fdac024c457a595717f7b01f5
SHA1 9ba468718e877ebaa2d1a400bb7e8afebe259b7f
SHA256 0de2de62417684442247839a6942c072f45e791c26412da6b1dce373440916a3
Analyzer Verdict Alert quad9 Sinkholed
GET /js/webplugins.js?version=1.0.1.17&_=1675940249427 HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Etag: 1496369310
Access-Control-Allow-Origin: *
Content-Length: 943
Connection: keep-alive
218.150.240.155/css/webplugins.css
218.150.240.155 200 OK 447 B URL HTTP/1.1 218.150.240.155/css/webplugins.css
IP 218.150.240.155:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 ddae9ef6ef799a16583037c8f8a873a5
SHA1 6bce4fb79909df056ea21ddf747f9b5abbe306fd
SHA256 687a96b2097d73a6b35a628745fd3658db57e7c0dac65dada6de70b5fdeb6266
Analyzer Verdict Alert quad9 Sinkholed
GET /css/webplugins.css HTTP/1.1
Host: 218.150.240.155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://218.150.240.155/index.html?_1675940245300
HTTP/1.1 200 OK
Content-Type: text/css
Etag: 1478223988
Access-Control-Allow-Origin: *
Content-Length: 447
Connection: keep-alive
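To turn the 218.150.240.155 transaction listing above into indicators a detection team can act on, the following Python is added here as an example; it is not part of the capture and not code from any tool shown on the page. It parses records in the listing's own line format (the record line that fuses client IP and HTTP status, the "IP host:port" line, the three digests, the "Analyzer Verdict Alert" lines and the response headers), cross-checks the fused record line against the "IP" and "HTTP/1.x" lines, and groups flagged entries by analyzer verdict into host and SHA-256 sets. It also recognises the digests of an empty body, which is what the 404 favicon entry carries (d41d8cd9…, da39a3ee… and e3b0c442… are the MD5, SHA-1 and SHA-256 of zero bytes), and keeps them out of the indicator set. The sample input is two records copied from the listing with most headers trimmed; the function and field names (parse_listing, has_empty_body, indicator_summary, Record) are the example's own.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample input: two records copied from the listing above with
# most request/response headers trimmed, so the block runs offline.
SAMPLE = """\
218.150.240.155/favicon.ico
218.150.240.155404 Not Found 0 B URL HTTP/1.1 218.150.240.155/favicon.ico
IP 218.150.240.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
HTTP/1.1 404 Not Found
Content-Length: 0
218.150.240.155200 OK 96 kB URL HTTP/1.1 218.150.240.155/js/jquery-1.11.1.min.js
IP 218.150.240.155:0
Hash 8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/jquery-1.11.1.min.js HTTP/1.1
HTTP/1.1 200 OK
Content-Length: 95786
"""

# The record line fuses client IP and status ("...155200 OK"); \s* also accepts a
# space-separated form. The "IP host:port" line that follows is authoritative.
RECORD = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*(?P<status>\d{3}) [A-Za-z ]+? "
                    r"(?P<size>\d+(?:\.\d+)? (?:B|kB|MB)) URL HTTP/\S+ (?P<url>\S+)$")
IPLINE = re.compile(r"^IP (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+$")
# Digests appear as "Hash <md5>" followed by bare SHA-1 and SHA-256 lines (an
# optional algorithm label is accepted too); the hex length tells them apart.
HASH = re.compile(r"^(?:Hash\s+)?(?:(?:MD5|SHA1|SHA256)\s+)?(?P<hex>[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
VERDICT = re.compile(r"^Analyzer Verdict Alert (?P<analyzer>\S+) (?P<verdict>\S+)$")
VERDICT_MORE = re.compile(r"^(?P<analyzer>[a-z0-9]+) (?P<verdict>[A-Z][a-z]+)$")
REQUEST = re.compile(r"^(?:GET|POST|HEAD|PUT|OPTIONS) \S+ HTTP/\S+$")
RESPONSE = re.compile(r"^HTTP/\S+ (?P<status>\d{3})")
HEADER = re.compile(r"^(?P<name>[A-Za-z0-9-]+): (?P<value>.*)$")
ALGO = {32: "md5", 40: "sha1", 64: "sha256"}
EMPTY = {a: hashlib.new(a, b"").hexdigest() for a in ALGO.values()}  # digests of zero bytes


@dataclass
class Record:
    ip: str
    status: int
    size: str
    url: str
    hashes: dict = field(default_factory=dict)     # algo -> hex digest
    verdicts: list = field(default_factory=list)   # (analyzer, verdict) pairs
    response_headers: dict = field(default_factory=dict)


def parse_listing(text: str) -> list:
    """One Record per transaction; raises if the fused record line and the HTTP
    response line disagree on the status (a listing-integrity check)."""
    records, rec, section, more_verdicts = [], None, "meta", False
    for raw in text.splitlines():
        line = raw.strip()
        if m := RECORD.match(line):
            rec = Record(m["ip"], int(m["status"]), m["size"], m["url"])
            records.append(rec)
            section, more_verdicts = "meta", False
        elif rec is None or not line:
            continue
        elif REQUEST.match(line):
            section = "request"
        elif m := RESPONSE.match(line):
            section = "response"
            if int(m["status"]) != rec.status:
                raise ValueError(f"status mismatch for {rec.url}")
        elif section == "meta":
            if m := IPLINE.match(line):
                rec.ip = m["ip"]                      # overrides the fused-line guess
            elif m := HASH.match(line):
                rec.hashes[ALGO[len(m["hex"])]] = m["hex"]
            elif m := VERDICT.match(line):
                rec.verdicts.append((m["analyzer"], m["verdict"]))
                more_verdicts = True                  # a second analyzer may follow
            elif more_verdicts and (m := VERDICT_MORE.match(line)):
                rec.verdicts.append((m["analyzer"], m["verdict"]))
            else:
                more_verdicts = False
        elif section == "response" and (m := HEADER.match(line)):
            rec.response_headers[m["name"].lower()] = m["value"]
    return records


def has_empty_body(rec: Record) -> bool:
    """All three digests are those of zero bytes: the analyzer hashed an empty
    body (the 404 favicon). Such a hash matches every empty file, never a threat."""
    return all(rec.hashes.get(a) == d for a, d in EMPTY.items())


def indicator_summary(records: list) -> dict:
    """Group flagged records by 'analyzer:verdict' into host and SHA-256 sets,
    leaving empty-body digests out so they cannot poison a blocklist."""
    out = {}
    for r in records:
        for analyzer, verdict in r.verdicts:
            bucket = out.setdefault(f"{analyzer}:{verdict}", {"hosts": set(), "sha256": set()})
            bucket["hosts"].add(r.ip)
            if "sha256" in r.hashes and not has_empty_body(r):
                bucket["sha256"].add(r.hashes["sha256"])
    return out
```

Two caveats the grouping makes visible: the quad9 Sinkholed verdict is attached to every resource fetched from 218.150.240.155, including the empty favicon, so the host is the indicator and the individual CSS hashes add nothing to it; and a hash taken from a file that may be a stock library (the jquery-1.11.1.min.js entry) should be compared with the known-good distribution before it is shipped as an indicator, since a match on a widely deployed file produces noise rather than detections.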